Saturday, September 24, 2022


How to protect your organization’s single sign-on credentials from being compromised

Half of the 20 most valuable public U.S. companies had at least one single sign-on credential for sale on the Dark Web by 2022, BitSight says.

[Image: single sign-on (SSO) concept illustration. Image: Adobe Stock]

Single sign-on, or SSO, is considered an effective authentication method because it reduces the need for passwords and allows users to authenticate across applications and systems with just a single set of credentials. But what happens if your SSO credentials are compromised by attackers and used against you? A report published Monday by cybersecurity reporting service BitSight discusses the theft of SSO credentials and provides advice on how to protect your own organization from this threat.

By allowing the same credentials to access different systems, SSO offers several benefits, three of which BitSight calls out specifically. Fewer account credentials mean fewer targets for phishing attacks. Less time spent logging in means more time your employees can spend on critical tasks. And fewer credentials mean fewer password resets and other hassles for your help desk and IT staff.

How do cybercriminals access SSO credentials?

The number of new SSO credentials for sale on the Dark Web increased in June and July 2022. Image: BitSight

The downside of SSO credentials is that they are highly sought after by cybercriminals, who can use a single stolen credential to reach a variety of applications and systems. BitSight analyzed the Dark Web and found that 25% of companies in the S&P 500 and half of the 20 most valuable public companies in the United States had at least one SSO credential for sale by 2022.

Since January 2022, there has been steady growth in the number of public company SSO credentials for sale on the Dark Web, according to BitSight. More than 1,500 new credentials became available for sale in June and July. While all types of businesses are vulnerable, the technology, manufacturing, retail, finance, energy and business services sectors were the most affected.


What can happen if SSO credentials are compromised?

In an attack on SSO provider Okta in January 2022, cybercriminals used the stolen credentials of one of the company’s vendors to break into Okta itself. Okta ultimately ended its relationship with that vendor. In another incident, a large phishing campaign captured nearly 10,000 credentials and more than 5,000 multi-factor authentication codes from 136 different companies. Affected organizations included Twilio, Cloudflare and Okta.

“Login credentials can be relatively trivial to steal from organizations, and many organizations are unaware of the critical threats that can arise specifically from stolen SSO credentials,” said BitSight co-founder and CTO Stephen Boyer. “These findings should raise awareness and prompt rapid action to increase awareness of these threats.”


How can organizations protect their SSO credentials?

To protect your organization’s SSO credentials from compromise and Dark Web sales, BitSight offers the following three tips:

Don’t just rely on traditional multi-factor authentication

Using phishing campaigns, attackers can steal SSO credentials even if you have MFA enabled. How? A cybercriminal targets your employees with a fake login page. An unsuspecting recipient enters their credentials and their MFA code, and because a one-time code is valid wherever it is typed, the attacker can replay it and gain access to the account and every application and data set it is authorized for.

Switch to adaptive MFA

Adaptive MFA improves on traditional authentication by applying contextual rules to decide whether a login request is granted, challenged with an additional factor, or denied. For example, this method looks at factors such as location, day and time, consecutive login failures, and source IP address to help determine whether the request is really coming from the legitimate user.
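The following is an added example, not code from the article or from BitSight, showing how the contextual signals named above (location, day and time, consecutive failures, source IP) can be combined into a risk score that drives an allow / step-up / deny decision. The thresholds, the point values, the user profile and the IP ranges are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network


@dataclass
class LoginContext:
    """Signals observed for one SSO login request (constructed sample data)."""
    user: str
    country: str          # geolocation of the source IP
    source_ip: str
    when: datetime
    recent_failures: int  # consecutive failed attempts before this one


@dataclass
class UserProfile:
    """What the organization already knows about the user's normal behaviour."""
    home_country: str
    work_hours: tuple     # (start_hour, end_hour), 24h clock, assumed local time
    trusted_networks: list  # ip_network objects the user normally logs in from


# Assumed policy: points per risky signal and the thresholds that act on them.
RISK_UNFAMILIAR_COUNTRY = 40
RISK_UNTRUSTED_NETWORK = 20
RISK_OFF_HOURS = 15
RISK_REPEATED_FAILURES = 30
FAILURE_LIMIT = 3
STEP_UP_THRESHOLD = 20   # require an additional factor
DENY_THRESHOLD = 60      # block and alert


def risk_score(ctx: LoginContext, profile: UserProfile):
    """Return (score, reasons) for a login request against the user's profile."""
    score, reasons = 0, []
    if ctx.country != profile.home_country:
        score += RISK_UNFAMILIAR_COUNTRY
        reasons.append("unfamiliar country")
    if not any(ip_address(ctx.source_ip) in net for net in profile.trusted_networks):
        score += RISK_UNTRUSTED_NETWORK
        reasons.append("untrusted network")
    start, end = profile.work_hours
    if not (start <= ctx.when.hour < end) or ctx.when.weekday() >= 5:
        score += RISK_OFF_HOURS
        reasons.append("outside working hours")
    if ctx.recent_failures >= FAILURE_LIMIT:
        score += RISK_REPEATED_FAILURES
        reasons.append(f"{ctx.recent_failures} consecutive failures")
    return score, reasons


def decide(ctx: LoginContext, profile: UserProfile) -> str:
    """Map the risk score onto the three adaptive-MFA outcomes."""
    score, _ = risk_score(ctx, profile)
    if score >= DENY_THRESHOLD:
        return "deny"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


# Constructed profile: US-based user, 08:00-18:00, normally on the corporate
# network (203.0.113.0/24 is a documentation range, not a real network).
ALICE = UserProfile("US", (8, 18), [ip_network("203.0.113.0/24")])

# Constructed login attempts. 2022-09-20 is a Tuesday; 2022-09-24 a Saturday.
ON_SITE = LoginContext("alice", "US", "203.0.113.15", datetime(2022, 9, 20, 10, 0), 0)
HOTEL_WIFI = LoginContext("alice", "US", "198.51.100.7", datetime(2022, 9, 20, 10, 0), 0)
SUSPICIOUS = LoginContext("alice", "XX", "198.51.100.7", datetime(2022, 9, 24, 3, 0), 0)
BRUTE_FORCE = LoginContext("alice", "US", "203.0.113.15", datetime(2022, 9, 20, 10, 0), 4)

if __name__ == "__main__":
    for ctx in (ON_SITE, HOTEL_WIFI, SUSPICIOUS, BRUTE_FORCE):
        score, reasons = risk_score(ctx, ALICE)
        print(f"{ctx.source_ip:>14} -> {decide(ctx, ALICE):8} score={score:3} {reasons}")
```

Note that the score is additive: a single unusual signal (a hotel network during work hours) only triggers a step-up, while several signals together (foreign country, unknown network, 3 a.m. on a Saturday) deny the request outright. In production the reasons list should be logged with the decision so that SOC analysts can tune the weights against real false positives.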

Consider universal two-factor authentication

Universal Two-Factor Authentication, or U2F, typically uses a physical security key or fob as the sign-on factor. Because a physical key is required for authentication, and the key's response is bound to the site the browser is actually talking to, fraudulent attempts to steal the credentials through a fake login page will fail. A recent cyberattack on content delivery network Cloudflare was prevented due to the company’s use of U2F keys.
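Why a security key resists the phishing scenario described under the first tip, as an added illustration that is not the article's or BitSight's code: a U2F-style token signs the server's challenge together with the origin reported by the browser, using a key that exists only for the origin it was registered at. The origins below are constructed, and HMAC stands in for the per-origin ECDSA key pairs a real token uses, so this is a simplified model of the protocol, not an implementation of it.

```python
import hashlib
import hmac
import os

RP_ORIGIN = "https://sso.example.com"   # constructed: the legitimate SSO portal
LOOKALIKE = "https://sso-example.com"   # constructed: a lookalike used by a phishing page


class Authenticator:
    """Simplified U2F-style security key.

    Simplification: one symmetric key per origin, derived from a device
    secret. A real token holds a per-origin asymmetric key pair and hands
    only the public key to the relying party; the origin binding shown
    here is the same.
    """

    def __init__(self):
        self._secret = os.urandom(32)  # never leaves the device

    def _key_for(self, origin: str) -> bytes:
        return hmac.new(self._secret, origin.encode(), hashlib.sha256).digest()

    def register(self, origin: str) -> bytes:
        """Return the verification key the relying party stores for this origin."""
        return self._key_for(origin)

    def sign(self, challenge: bytes, browser_origin: str) -> bytes:
        # The browser, not the user, supplies the origin. The token folds it
        # into both the key choice and the signed message.
        msg = browser_origin.encode() + b"|" + challenge
        return hmac.new(self._key_for(browser_origin), msg, hashlib.sha256).digest()


class RelyingParty:
    """The SSO service that issued the challenge and verifies the response."""

    def __init__(self, origin: str):
        self.origin = origin
        self.keys = {}

    def register(self, user: str, token: Authenticator) -> None:
        self.keys[user] = token.register(self.origin)

    def new_challenge(self) -> bytes:
        return os.urandom(32)

    def verify(self, user: str, challenge: bytes, signature: bytes) -> bool:
        # The RP always verifies against ITS OWN origin; a signature made for
        # any other origin cannot match.
        expected = hmac.new(
            self.keys[user], self.origin.encode() + b"|" + challenge, hashlib.sha256
        ).digest()
        return hmac.compare_digest(expected, signature)


def login_attempt(rp: RelyingParty, token: Authenticator, user: str, browser_origin: str) -> bool:
    """Run one challenge/response. browser_origin is the page the user is on."""
    challenge = rp.new_challenge()
    signature = token.sign(challenge, browser_origin)
    return rp.verify(user, challenge, signature)


def otp_check(submitted: str, expected: str) -> bool:
    """Contrast: a one-time code carries no origin, so it verifies no matter
    which page the user typed it into."""
    return hmac.compare_digest(submitted, expected)


if __name__ == "__main__":
    token, rp = Authenticator(), RelyingParty(RP_ORIGIN)
    rp.register("alice", token)
    print("genuine portal :", login_attempt(rp, token, "alice", RP_ORIGIN))   # True
    print("lookalike page :", login_attempt(rp, token, "alice", LOOKALIKE))   # False
    print("OTP, any page  :", otp_check("482193", "482193"))                  # True
```

Even if a fake page relays the genuine challenge to the real portal in real time, the browser still reports the lookalike origin to the token, so the response it produces will not verify at the real origin. That origin binding is what the article's "fraudulent attempts will fail" depends on, and it is exactly what an OTP lacks.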

“Businesses need to be aware of the risks posed by their key IT vendors,” Boyer says. “As we’ve seen repeatedly, insecure vendor credentials can give attackers the access they need to target large customer bases at scale. The impact of a single exposed SSO credential can be far-reaching.”
